On Tue, Jan 12, 2016 at 10:00 PM, oleg yusim <olegyusim@gmail.com> wrote:
> Important: let's assume data at rest is encrypted using EFS and data at
> transit is encrypted using ciphers, provided by OpenSSL.
>
> So, with that in mind, please, help me to understand movement and location
> of the data between the moment when it is pulled from file system and
> encrypted as network package going through the SSL tunnel.
>
> And reversing it - between the moment network package arrived through the
> SSL tunnel is decrypted and the moment its content is placed into the file
> system.
At all times the data is present only in files owned by the OS user
which runs the database server or in RAM allocated to processes run
by that user. Files and RAM are freed without overwrite; we count
on the OS to not gratuitously show the old values to processes
making new allocations.
--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company